1.1.15-3 - Apply fix for CVE-2016-7035 (improper IPC guarding)

This commit is contained in:
Jan Pokorný 2016-11-03 14:02:41 +01:00
parent 75b067a8df
commit 1dd7338b33
No known key found for this signature in database
GPG Key ID: 61BBB23A9E8F8DE2
2 changed files with 84 additions and 2 deletions

View File

@ -0,0 +1,78 @@
From 5a20855d6054ebaae590c09262b328d957cc1fc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Thu, 3 Nov 2016 11:16:37 +0100
Subject: [PATCH] High: libcrmcommon: fix CVE-2016-7035 (improper IPC guarding)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It was discovered that under some not so uncommon circumstances, some
pacemaker daemons could be talked to, via libqb-facilitated IPC, by
unprivileged clients due to a flawed authorization decision. Depending
on the capabilities of the affected daemons, this might equip an unauthorized
user with local privilege escalation or up to cluster-wide remote
execution of possibly arbitrary commands when such a user happens to
reside on a standard or remote/guest cluster node, respectively.
The original vulnerability was introduced in an attempt to allow
unprivileged IPC clients to clean up the file system materialized
leftovers in case the server (otherwise responsible for the lifecycle
of these files) crashes. While the intended part of such behavior is
now effectively voided (along with the unintended one), a best-effort
fix to address this corner case systemically at libqb is coming along
(https://github.com/ClusterLabs/libqb/pull/231).
Affected versions: 1.1.10-rc1 (2013-04-17) - 1.1.15 (2016-06-21)
Impact: Important
CVSSv3 ranking: 8.8 : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Credits for independent findings, in chronological order:
Jan "poki" Pokorný, of Red Hat
Alain Moulle, of ATOS/BULL
---
lib/common/ipc.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/lib/common/ipc.c b/lib/common/ipc.c
index f060fcd..2949837 100644
--- a/lib/common/ipc.c
+++ b/lib/common/ipc.c
@@ -293,7 +293,6 @@ crm_client_disconnect_all(qb_ipcs_service_t *service)
crm_client_t *
crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
{
- static uid_t uid_server = 0;
static gid_t gid_cluster = 0;
crm_client_t *client = NULL;
@@ -304,7 +303,6 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
}
if (gid_cluster == 0) {
- uid_server = getuid();
if(crm_user_lookup(CRM_DAEMON_USER, NULL, &gid_cluster) < 0) {
static bool have_error = FALSE;
if(have_error == FALSE) {
@@ -314,16 +312,10 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
}
}
- if(gid_cluster != 0 && gid_client != 0) {
- uid_t best_uid = -1; /* Passing -1 to chown(2) means don't change */
-
- if(uid_client == 0 || uid_server == 0) { /* Someone is priveliged, but the other may not be */
- best_uid = QB_MAX(uid_client, uid_server);
- crm_trace("Allowing user %u to clean up after disconnect", best_uid);
- }
-
+ if (uid_client != 0) {
crm_trace("Giving access to group %u", gid_cluster);
- qb_ipcs_connection_auth_set(c, best_uid, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+ /* Passing -1 to chown(2) means don't change */
+ qb_ipcs_connection_auth_set(c, -1, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
crm_client_init();
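Review bot: the new guard `if (uid_client != 0)` drops the old `gid_cluster != 0` condition, so when crm_user_lookup() for CRM_DAEMON_USER fails (the have_error path in the previous hunk leaves gid_cluster at 0) qb_ipcs_connection_auth_set() is now called with gid 0 and S_IRGRP | S_IWGRP, i.e. group read/write for the root group, where the old code skipped the call; consider `if (uid_client != 0 && gid_cluster != 0)`. Removing the QB_MAX() branch itself is right: with a root server and a non-root client, `best_uid = QB_MAX(uid_client, uid_server)` evaluated to the client's own uid and handed that client ownership of the connection's files, and always passing -1 closes exactly that.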
--
2.4.11
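The authorization decision described in the commit message, modelled as an added example: this is not Pacemaker or libqb code, it reproduces the conditions visible in the lib/common/ipc.c hunk above so the old and new outcomes can be compared side by side. The uid/gid 189 used for the hacluster daemon user and the uid 1000 login user are assumed sample values, and QB_MAX is reproduced rather than taken from libqb. Each scenario reports what would be handed to qb_ipcs_connection_auth_set(), and hands_ownership_to_other_user() flags the case the fix removes: a root server chowning the connection's files to whichever non-root client happens to connect.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Same macro libqb provides; reproduced here so the model is self-contained. */
#define QB_MAX(a, b) ((a) > (b) ? (a) : (b))
/* Passing (uid_t)-1 to chown(2) means "don't change the owner". */
#define NO_CHANGE ((uid_t)-1)
/* Assumed uid/gid of the daemon user (hacluster) for the sample runs below. */
#define ASSUMED_HACLUSTER_UID 189
#define ASSUMED_HACLUSTER_GID 189

/* What crm_client_new() would hand to qb_ipcs_connection_auth_set(). */
typedef struct {
    bool applied;  /* false: auth_set() is not called for this connection */
    uid_t uid;     /* owner passed through to chown(2) on the IPC files */
    gid_t gid;     /* group passed through to chown(2) */
    mode_t mode;   /* permission bits applied to the IPC files */
} ipc_auth_t;

static const mode_t IPC_MODE = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;

/* Model of the removed (vulnerable) branch, condition for condition. */
ipc_auth_t vulnerable_ipc_auth(uid_t uid_client, gid_t gid_client,
                               uid_t uid_server, gid_t gid_cluster)
{
    ipc_auth_t a = { false, NO_CHANGE, 0, 0 };

    if (gid_cluster != 0 && gid_client != 0) {
        uid_t best_uid = NO_CHANGE;

        /* "Someone is privileged": the larger uid, i.e. the non-root side, wins. */
        if (uid_client == 0 || uid_server == 0) {
            best_uid = QB_MAX(uid_client, uid_server);
        }
        a.applied = true;
        a.uid = best_uid;
        a.gid = gid_cluster;
        a.mode = IPC_MODE;
    }
    return a;
}

/* Model of the fixed branch: group access only, the owner is never touched. */
ipc_auth_t fixed_ipc_auth(uid_t uid_client, gid_t gid_cluster)
{
    ipc_auth_t a = { false, NO_CHANGE, 0, 0 };

    if (uid_client != 0) {
        a.applied = true;
        a.uid = NO_CHANGE;
        a.gid = gid_cluster;
        a.mode = IPC_MODE;
    }
    return a;
}

/* The property the fix restores: the connection's files are never chowned
 * to a non-root uid other than the server's own. */
bool hands_ownership_to_other_user(ipc_auth_t a, uid_t uid_server)
{
    return a.applied && a.uid != NO_CHANGE && a.uid != 0 && a.uid != uid_server;
}

static void show(const char *label, ipc_auth_t a, uid_t uid_server)
{
    if (!a.applied) {
        printf("%-42s auth_set not called\n", label);
        return;
    }
    printf("%-42s uid=%ld gid=%u mode=%04o%s\n", label,
           a.uid == NO_CHANGE ? -1L : (long)a.uid, (unsigned)a.gid,
           (unsigned)a.mode,
           hands_ownership_to_other_user(a, uid_server)
               ? "  <-- client now owns the IPC files" : "");
}

int main(void)
{
    /* Constructed scenarios: a daemon running as root vs. an ordinary login user. */
    uid_t root = 0, user = 1000, hacluster = ASSUMED_HACLUSTER_UID;
    gid_t user_gid = 1000, cluster_gid = ASSUMED_HACLUSTER_GID;

    show("old: root server, uid 1000 client",
         vulnerable_ipc_auth(user, user_gid, root, cluster_gid), root);
    show("old: root server, hacluster client",
         vulnerable_ipc_auth(hacluster, cluster_gid, root, cluster_gid), root);
    show("old: hacluster server, uid 1000 client",
         vulnerable_ipc_auth(user, user_gid, hacluster, cluster_gid), hacluster);
    show("new: root server, uid 1000 client",
         fixed_ipc_auth(user, cluster_gid), root);
    show("new: any server, root client",
         fixed_ipc_auth(root, cluster_gid), root);
    return 0;
}
```

The first scenario is the CVE: the server is root, so the `uid_client == 0 || uid_server == 0` test passes for every client, and QB_MAX() then selects the client's uid as the owner. The second scenario shows that the intended clean-up case (daemon user as client) went through the same path, which is why the commit message says the intended behaviour is voided along with the unintended one.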

View File

@ -2,7 +2,7 @@
%global uname hacluster %global uname hacluster
%global pcmk_docdir %{_docdir}/%{name} %global pcmk_docdir %{_docdir}/%{name}
%global specversion 2 %global specversion 3
%global pcmkversion 1.1.15 %global pcmkversion 1.1.15
# set following to the actual commit or, for final release, concatenate # set following to the actual commit or, for final release, concatenate
# "pcmkversion" macro to "Pacemaker-" (will yield a tag per the convention) # "pcmkversion" macro to "Pacemaker-" (will yield a tag per the convention)
@ -78,7 +78,7 @@
Name: pacemaker Name: pacemaker
Summary: Scalable High-Availability cluster resource manager Summary: Scalable High-Availability cluster resource manager
Version: %{pcmkversion} Version: %{pcmkversion}
Release: %{pcmk_release}%{?dist}.1 Release: %{pcmk_release}%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Url: http://www.clusterlabs.org Url: http://www.clusterlabs.org
Group: System Environment/Daemons Group: System Environment/Daemons
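Review bot: Release drops the trailing `.1` of the mass-rebuild bump (`%{pcmk_release}%{?dist}.1` to `%{pcmk_release}%{?dist}`) while specversion goes from 2 to 3 in the first region; the resulting 1.1.15-3 named in the changelog sorts above the previous 1.1.15-2.1, so the upgrade path holds, but that only follows if pcmk_release is derived from specversion, whose definition is not in this diff. Worth a quick `rpmdev-vercmp` on the two NEVRs before pushing the build.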
@ -88,6 +88,7 @@ Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagio
Patch1: 001-makefile-cleanup.patch Patch1: 001-makefile-cleanup.patch
Patch2: 002-build-cleanup.patch Patch2: 002-build-cleanup.patch
Patch3: 003-harden-toolchain.patch Patch3: 003-harden-toolchain.patch
Patch4: CVE-2016-7035-improper-IPC-guarding.patch
# --- # ---
# keep following commented out for now # keep following commented out for now
#Patch100: bz1179335-system-wide-crypto-policies.patch #Patch100: bz1179335-system-wide-crypto-policies.patch
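Review bot: Patch4 is declared here, but nothing in this diff applies it. Unless the spec's %prep uses %autosetup (not visible in these hunks), a matching `%patch4 -p1` line is needed, otherwise the CVE fix is announced in the changelog but never reaches the built package; check the %prep section, and ideally confirm with `rpm -qp --changelog` plus a grep for `qb_ipcs_connection_auth_set(c, -1` in the unpacked build tree.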
@ -632,6 +633,9 @@ exit 0
%attr(0644,root,root) %{_datadir}/pacemaker/nagios/plugins-metadata/* %attr(0644,root,root) %{_datadir}/pacemaker/nagios/plugins-metadata/*
%changelog %changelog
* Thu Nov 03 2016 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 1.1.15-3
- Apply fix for CVE-2016-7035 (improper IPC guarding)
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.15-2.1 * Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.15-2.1
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages